[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: directpc.com question... (deals with pf... )



On Wed, Dec 18, 2002 at 05:24:07PM -0600, Shawn Mitchell wrote:
> Anyone know what IP Addresses directpc.com uses?
> 
> Apparently they use async routing... basicly spoofing ip addresses... and pf
> is killing them.
hrm?  do you mean the people whose upstream is a modem, and downstream
is satellite?
can you be more specific about pf "killing them"?
 
> I'm not going to allow them unless I know what addresses, and where their
> going to.
you can cross reference the blocked ip's with information on
www.arin.net.
> I would just look at the logs..  but when your shoving about 70 mbit/sec
> through a box... you really can't see stuff  that fast...
dump it to a file.
> And what the piss is it with all these 445/137/139 scans???
welcome to the world of wormed windows hosts as your neighbors.
my isp filters 137/139, for the rest i do:
block in quick on $ext_if inet proto tcp from any to $ext_ip \
        port {  21 80 135 445 1433 12345 27374 31337 }
- jolan